[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-49125":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":262,"aliases":263,"duplicate_of":9,"upstream":266,"downstream":267,"duplicates":318,"related":319,"reserved_at":9,"published_at":335,"modified_at":336,"state":337,"summary":338,"references_raw":347,"kevs":400,"epss":401,"epss_history":404,"metrics":683,"affected":695},"CVE-2025-49125","Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-288","Authentication Bypass Using an Alternate Path or Channel","The product requires authentication, but the product has an alternate path or channel that does not require authentication.","weakness","Incomplete","Base",[19,81],{"id":20,"name":21,"techniques":22},"CAPEC-127","Directory Indexing",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1083","File and Directory Discovery",[27],{"id":28,"name":29},"TA0102","Discovery",[31,36,40,45,50,55,60,65,69,73,77],{"id":32,"name":33,"tactic":34},"D3-FA","File Analysis",{"name":35},"Detect",{"id":37,"name":38,"tactic":39},"D3-FIM","File Integrity Monitoring",{"name":35},{"id":41,"name":42,"tactic":43},"D3-FEV","File Eviction",{"name":44},"Evict",{"id":46,"name":47,"tactic":48},"D3-DF","Decoy File",{"name":49},"Deceive",{"id":51,"name":52,"tactic":53},"D3-FE","File Encryption",{"name":54},"Harden",{"id":56,"name":57,"tactic":58},"D3-RF","Restore File",{"name":59},"Restore",{"id":61,"name":62,"tactic":63},"D3-LFP","Local File Permissions",{"name":64},"Isolate",{"id":66,"name":67,"tactic":68},"D3-CF","Content Filtering",{"name":64},{"id":70,"name":71,"tactic":72},"D3-RFAM","Remote File Access Mediation",{"name":64},{"id":74,"name":75,"tactic":76},"D3-CQ","Content Quarantine",{"name":64},{"id":78,"name":79,"tactic":80},"D3-CM","Content Modification",{"name":64},{"id":82,"name":83,"techniques":84},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[85,120,159],{"id":86,"name":87,"tactics":88,"countermeasures":95},"T1211","Exploitation for Stealth",[89,92],{"id":90,"name":91},"TA0030","Defense Evasion",{"id":93,"name":94},"TA0005","Stealth",[96,100,104,108,112,116],{"id":97,"name":98,"tactic":99},"D3-MBT","Memory Boundary Tracking",{"name":35},{"id":101,"name":102,"tactic":103},"D3-PCSV","Process Code Segment Verification",{"name":35},{"id":105,"name":106,"tactic":107},"D3-SSC","Shadow Stack Comparisons",{"name":35},{"id":109,"name":110,"tactic":111},"D3-PSEP","Process Segment Execution Prevention",{"name":54},{"id":113,"name":114,"tactic":115},"D3-SAOR","Segment Address Offset Randomization",{"name":54},{"id":117,"name":118,"tactic":119},"D3-SFCV","Stack Frame Canary Validation",{"name":54},{"id":121,"name":122,"tactics":123,"countermeasures":129},"T1542.002","Component Firmware",[124,125,126],{"id":90,"name":91},{"id":93,"name":94},{"id":127,"name":128},"TA0110","Persistence",[130,135,139,143,147,151,155],{"id":131,"name":132,"tactic":133},"D3-SWI","Software Inventory",{"name":134},"Model",{"id":136,"name":137,"tactic":138},"D3-AVE","Asset Vulnerability Enumeration",{"name":134},{"id":140,"name":141,"tactic":142},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":35},{"id":144,"name":145,"tactic":146},"D3-FV","Firmware Verification",{"name":35},{"id":148,"name":149,"tactic":150},"D3-FBA","Firmware Behavior Analysis",{"name":35},{"id":152,"name":153,"tactic":154},"D3-SU","Software Update",{"name":54},{"id":156,"name":157,"tactic":158},"D3-RS","Restore Software",{"name":59},{"id":160,"name":161,"tactics":162,"countermeasures":171},"T1556","Modify Authentication Process",[163,164,167,168],{"id":90,"name":91},{"id":165,"name":166},"TA0112","Defense Impairment",{"id":127,"name":128},{"id":169,"name":170},"TA0031","Credential Access",[172,176,180,184,186,188,192,196,200,204,206,210,214,218,222,224,226,228,232,234,236,238,240,242,246,250,254,258],{"id":173,"name":174,"tactic":175},"D3-CI","Configuration Inventory",{"name":134},{"id":177,"name":178,"tactic":179},"D3-NTPM","Network Traffic Policy Mapping",{"name":134},{"id":181,"name":182,"tactic":183},"D3-AM","Access Modeling",{"name":134},{"id":32,"name":33,"tactic":185},{"name":35},{"id":37,"name":38,"tactic":187},{"name":35},{"id":189,"name":190,"tactic":191},"D3-PLA","Process Lineage Analysis",{"name":35},{"id":193,"name":194,"tactic":195},"D3-PSMD","Process Self-Modification Detection",{"name":35},{"id":197,"name":198,"tactic":199},"D3-PSA","Process Spawn Analysis",{"name":35},{"id":201,"name":202,"tactic":203},"D3-SFA","System File Analysis",{"name":35},{"id":41,"name":42,"tactic":205},{"name":44},{"id":207,"name":208,"tactic":209},"D3-PT","Process Termination",{"name":44},{"id":211,"name":212,"tactic":213},"D3-PS","Process Suspension",{"name":44},{"id":215,"name":216,"tactic":217},"D3-HR","Host Reboot",{"name":44},{"id":219,"name":220,"tactic":221},"D3-HS","Host Shutdown",{"name":44},{"id":46,"name":47,"tactic":223},{"name":49},{"id":51,"name":52,"tactic":225},{"name":54},{"id":56,"name":57,"tactic":227},{"name":59},{"id":229,"name":230,"tactic":231},"D3-RC","Restore Configuration",{"name":59},{"id":66,"name":67,"tactic":233},{"name":64},{"id":61,"name":62,"tactic":235},{"name":64},{"id":70,"name":71,"tactic":237},{"name":64},{"id":74,"name":75,"tactic":239},{"name":64},{"id":78,"name":79,"tactic":241},{"name":64},{"id":243,"name":244,"tactic":245},"D3-KBPI","Kernel-based Process Isolation",{"name":64},{"id":247,"name":248,"tactic":249},"D3-SCF","System Call Filtering",{"name":64},{"id":251,"name":252,"tactic":253},"D3-HBPI","Hardware-based Process Isolation",{"name":64},{"id":255,"name":256,"tactic":257},"D3-ABPI","Application-based Process Isolation",{"name":64},{"id":259,"name":260,"tactic":261},"D3-WSAM","Web Session Access Mediation",{"name":64},[],[264,265],"GHSA-wc4r-xq3c-5cf3","BIT-tomcat-2025-49125",[],[268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316],{"_key":269},"SUSE-SU-2025:02214-1",{"_key":271},"SUSE-SU-2025:02261-1",{"_key":273},"DLA-4244-1",{"_key":275},"DSA-6120-1",{"_key":277},"DSA-6121-1",{"_key":279},"SUSE-SU-2025:02280-1",{"_key":281},"SUSE-SU-2025:02978-1",{"_key":283},"SUSE-SU-2025:02979-1",{"_key":285},"SUSE-SU-2025:03024-1",{"_key":287},"OPENSUSE-SU-2025:15301-1",{"_key":289},"OPENSUSE-SU-2025:15302-1",{"_key":291},"OPENSUSE-SU-2025:15303-1",{"_key":293},"SUSE-SU-2026:1058-1",{"_key":295},"MGASA-2025-0191",{"_key":297},"DEBIAN-CVE-2025-49125",{"_key":299},"RHSA-2025:11695",{"_key":301},"RHSA-2025:11741",{"_key":303},"RHSA-2025:14177",{"_key":305},"RHSA-2025:14178",{"_key":307},"RHSA-2025:14179",{"_key":309},"RHSA-2025:14180",{"_key":311},"RHSA-2025:14181",{"_key":313},"RHSA-2025:14182",{"_key":315},"RHSA-2025:14183",{"_key":317},"UBUNTU-CVE-2025-49125",[],[320,321,322,323,324,325,326,327,328,329,330,331,333],{"_key":295},{"_key":269},{"_key":271},{"_key":279},{"_key":281},{"_key":283},{"_key":285},{"_key":287},{"_key":289},{"_key":291},{"_key":293},{"_key":332},"CGA-MQCQ-4VJ8-J6R4",{"_key":334},"CGA-XW38-R8W8-8C79","2025-06-16T14:18:09.610Z","2025-11-03T20:05:06.721Z","Modified",{"cisa_kev":339,"cisa_ransomware":339,"cisa_vendor":9,"epss_severity":340,"epss_score":341,"severity":342,"severity_score":343,"severity_version":344,"severity_source":345,"severity_vector":346,"severity_status":337},false,"low",0.00189,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[348,357,362,366,371,375,379,383,388,392,396],{"url":349,"sources":350,"tags":353},"https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk",[345,351,352],"nvd","osv_maven",[354,355,356],"Vendor Advisory","Mailing List","WEB",{"url":358,"sources":359,"tags":360},"http://www.openwall.com/lists/oss-security/2025/06/16/2",[345,351,352],[355,361,356],"Third Party Advisory",{"url":363,"sources":364,"tags":365},"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html",[345,351,352],[356],{"url":367,"sources":368,"tags":369},"https://nvd.nist.gov/vuln/detail/CVE-2025-49125",[352],[370],"Advisory",{"url":372,"sources":373,"tags":374},"https://github.com/apache/tomcat/commit/7617b9c247bc77ed0444dd69adcd8aa48777886c",[352],[356],{"url":376,"sources":377,"tags":378},"https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9",[352],[356],{"url":380,"sources":381,"tags":382},"https://github.com/apache/tomcat/commit/d94bd36fb7eb32e790dae0339bc249069649a637",[352],[356],{"url":384,"sources":385,"tags":386},"https://github.com/apache/tomcat",[352],[387],"PACKAGE",{"url":389,"sources":390,"tags":391},"https://tomcat.apache.org/security-10.html",[352],[356],{"url":393,"sources":394,"tags":395},"https://tomcat.apache.org/security-11.html",[352],[356],{"url":397,"sources":398,"tags":399},"https://tomcat.apache.org/security-9.html",[352],[356],[],{"date":402,"score":341,"percentile":403},"2026-06-04",0.40553,[405,409,413,416,418,421,424,427,430,434,438,441,444,447,450,454,457,460,464,467,471,475,478,481,484,487,490,493,497,500,503,506,509,512,515,518,521,524,527,530,533,536,539,542,545,548,551,554,557,560,563,566,569,572,575,578,581,583,586,589,592,595,598,601,604,607,609,612,616,619,622,625,628,631,634,637,640,643,646,649,652,655,658,661,664,667,670,673,676,679],{"date":406,"score":407,"percentile":408},"2025-11-04",0.00079,0.24027,{"date":410,"score":411,"percentile":412},"2025-11-05",0.001,0.28418,{"date":414,"score":411,"percentile":415},"2025-11-06",0.28432,{"date":417,"score":411,"percentile":415},"2025-11-07",{"date":419,"score":411,"percentile":420},"2025-11-08",0.28435,{"date":422,"score":411,"percentile":423},"2025-11-09",0.28405,{"date":425,"score":411,"percentile":426},"2025-11-10",0.28382,{"date":428,"score":411,"percentile":429},"2025-11-11",0.28408,{"date":431,"score":432,"percentile":433},"2025-11-12",0.00075,0.23054,{"date":435,"score":436,"percentile":437},"2025-11-13",0.00072,0.22418,{"date":439,"score":436,"percentile":440},"2025-11-14",0.22416,{"date":442,"score":436,"percentile":443},"2025-11-15",0.22404,{"date":445,"score":436,"percentile":446},"2025-11-16",0.22346,{"date":448,"score":436,"percentile":449},"2025-11-17",0.22309,{"date":451,"score":452,"percentile":453},"2025-11-18",0.00458,0.61337,{"date":455,"score":452,"percentile":456},"2025-11-19",0.61351,{"date":458,"score":452,"percentile":459},"2025-11-20",0.6134,{"date":461,"score":462,"percentile":463},"2025-11-21",0.0008,0.24074,{"date":465,"score":462,"percentile":466},"2025-11-22",0.24072,{"date":468,"score":469,"percentile":470},"2025-11-23",0.00098,0.27597,{"date":472,"score":473,"percentile":474},"2025-11-24",0.00091,0.26165,{"date":476,"score":473,"percentile":477},"2025-11-25",0.26155,{"date":479,"score":473,"percentile":480},"2025-11-26",0.26145,{"date":482,"score":473,"percentile":483},"2025-11-27",0.26142,{"date":485,"score":473,"percentile":486},"2025-11-28",0.26108,{"date":488,"score":473,"percentile":489},"2025-11-29",0.26095,{"date":491,"score":473,"percentile":492},"2025-11-30",0.26064,{"date":494,"score":495,"percentile":496},"2025-12-01",0.00049,0.15117,{"date":498,"score":495,"percentile":499},"2025-12-02",0.15129,{"date":501,"score":495,"percentile":502},"2025-12-03",0.15156,{"date":504,"score":473,"percentile":505},"2025-12-04",0.26068,{"date":507,"score":473,"percentile":508},"2025-12-05",0.26104,{"date":510,"score":473,"percentile":511},"2025-12-06",0.2611,{"date":513,"score":473,"percentile":514},"2025-12-07",0.26077,{"date":516,"score":473,"percentile":517},"2025-12-08",0.2608,{"date":519,"score":473,"percentile":520},"2025-12-09",0.26129,{"date":522,"score":473,"percentile":523},"2025-12-10",0.26198,{"date":525,"score":473,"percentile":526},"2025-12-11",0.26218,{"date":528,"score":473,"percentile":529},"2025-12-12",0.26234,{"date":531,"score":473,"percentile":532},"2025-12-13",0.26235,{"date":534,"score":473,"percentile":535},"2025-12-14",0.26209,{"date":537,"score":473,"percentile":538},"2025-12-15",0.26183,{"date":540,"score":473,"percentile":541},"2025-12-16",0.26194,{"date":543,"score":473,"percentile":544},"2025-12-17",0.26251,{"date":546,"score":473,"percentile":547},"2025-12-18",0.26299,{"date":549,"score":473,"percentile":550},"2025-12-19",0.26308,{"date":552,"score":473,"percentile":553},"2025-12-20",0.26276,{"date":555,"score":473,"percentile":556},"2025-12-21",0.2623,{"date":558,"score":473,"percentile":559},"2025-12-22",0.26195,{"date":561,"score":473,"percentile":562},"2025-12-23",0.26162,{"date":564,"score":473,"percentile":565},"2025-12-24",0.26177,{"date":567,"score":473,"percentile":568},"2025-12-25",0.26253,{"date":570,"score":473,"percentile":571},"2025-12-26",0.26242,{"date":573,"score":473,"percentile":574},"2025-12-27",0.26227,{"date":576,"score":473,"percentile":577},"2025-12-28",0.26112,{"date":579,"score":473,"percentile":580},"2025-12-29",0.26081,{"date":582,"score":473,"percentile":517},"2025-12-30",{"date":584,"score":473,"percentile":585},"2025-12-31",0.26143,{"date":587,"score":495,"percentile":588},"2026-01-01",0.15619,{"date":590,"score":495,"percentile":591},"2026-01-02",0.15606,{"date":593,"score":495,"percentile":594},"2026-01-03",0.15583,{"date":596,"score":473,"percentile":597},"2026-01-04",0.26132,{"date":599,"score":473,"percentile":600},"2026-01-05",0.26118,{"date":602,"score":473,"percentile":603},"2026-01-06",0.26126,{"date":605,"score":473,"percentile":606},"2026-01-07",0.26152,{"date":608,"score":473,"percentile":559},"2026-01-08",{"date":610,"score":473,"percentile":611},"2026-01-09",0.26179,{"date":613,"score":614,"percentile":615},"2026-01-10",0.00097,0.27586,{"date":617,"score":614,"percentile":618},"2026-01-11",0.27566,{"date":620,"score":614,"percentile":621},"2026-01-12",0.27518,{"date":623,"score":614,"percentile":624},"2026-01-13",0.27498,{"date":626,"score":614,"percentile":627},"2026-01-14",0.27542,{"date":629,"score":614,"percentile":630},"2026-01-15",0.27539,{"date":632,"score":614,"percentile":633},"2026-01-16",0.27571,{"date":635,"score":614,"percentile":636},"2026-01-17",0.27576,{"date":638,"score":407,"percentile":639},"2026-01-18",0.23905,{"date":641,"score":407,"percentile":642},"2026-01-19",0.23859,{"date":644,"score":407,"percentile":645},"2026-01-20",0.23839,{"date":647,"score":614,"percentile":648},"2026-01-21",0.27413,{"date":650,"score":614,"percentile":651},"2026-01-22",0.27387,{"date":653,"score":614,"percentile":654},"2026-01-23",0.27459,{"date":656,"score":614,"percentile":657},"2026-01-24",0.27453,{"date":659,"score":614,"percentile":660},"2026-01-25",0.2738,{"date":662,"score":614,"percentile":663},"2026-01-26",0.27291,{"date":665,"score":614,"percentile":666},"2026-01-27",0.27271,{"date":668,"score":614,"percentile":669},"2026-01-28",0.2726,{"date":671,"score":614,"percentile":672},"2026-01-29",0.27212,{"date":674,"score":614,"percentile":675},"2026-01-30",0.27205,{"date":677,"score":614,"percentile":678},"2026-01-31",0.27209,{"date":680,"score":681,"percentile":682},"2026-02-01",0.00056,0.17694,[684,689,691],{"source":345,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":685,"cvss_v4_0":9},{"baseScore":343,"baseSeverity":686,"vectorString":346,"impactScore":687,"exploitabilityScore":688},"HIGH",6,10,{"source":351,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":690,"cvss_v4_0":9},{"baseScore":343,"baseSeverity":686,"vectorString":346,"impactScore":687,"exploitabilityScore":688},{"source":352,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":692},{"baseScore":693,"baseSeverity":9,"vectorString":694,"impactScore":9,"exploitabilityScore":9},6.3,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",[696,720,737,753],{"ecosystem":9,"name":697,"vendor":698,"product":699,"cpe_part":700,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":701},"Apache Tomcat","apache software foundation","apache tomcat","a",[702,708,712,716],{"version":703,"is_range":704,"range_type":345,"version_start":705,"version_start_type":706,"version_end":707,"version_end_type":706,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.7",true,"11.0.0-M1","including","11.0.7",{"version":709,"is_range":704,"range_type":345,"version_start":710,"version_start_type":706,"version_end":711,"version_end_type":706,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.41","10.1.0-M1","10.1.41",{"version":713,"is_range":704,"range_type":345,"version_start":714,"version_start_type":706,"version_end":715,"version_end_type":706,"fixed_in":9},">= 9.0.0.M1, \u003C= 9.0.105","9.0.0.M1","9.0.105",{"version":717,"is_range":704,"range_type":345,"version_start":718,"version_start_type":706,"version_end":719,"version_end_type":706,"fixed_in":9},">= 8.5.0, \u003C= 8.5.100","8.5.0","8.5.100",{"ecosystem":9,"name":721,"vendor":9,"product":721,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":722},"Tomcat",[723,729,733],{"version":724,"is_range":704,"range_type":725,"version_start":726,"version_start_type":706,"version_end":727,"version_end_type":728,"fixed_in":9},"gte9.0.0_lt9.0.106","cpe","9.0.0","9.0.106","excluding",{"version":730,"is_range":704,"range_type":725,"version_start":731,"version_start_type":706,"version_end":732,"version_end_type":728,"fixed_in":9},"gte10.1.0_lt10.1.42","10.1.0","10.1.42",{"version":734,"is_range":704,"range_type":725,"version_start":735,"version_start_type":706,"version_end":736,"version_end_type":728,"fixed_in":9},"gte11.0.0_lt11.0.8","11.0.0","11.0.8",{"ecosystem":738,"name":739,"vendor":740,"product":741,"cpe_part":9,"purl_type":742,"purl_namespace":740,"purl_name":741,"source":9,"versions":743},"Maven","org.apache.tomcat:tomcat-catalina","org.apache.tomcat","tomcat-catalina","maven",[744,747,749,751],{"version":745,"is_range":704,"range_type":746,"version_start":705,"version_start_type":706,"version_end":736,"version_end_type":728,"fixed_in":9},"gte11_0_0_M1_lt11_0_8","ecosystem",{"version":748,"is_range":704,"range_type":746,"version_start":710,"version_start_type":706,"version_end":732,"version_end_type":728,"fixed_in":9},"gte10_1_0_M1_lt10_1_42",{"version":750,"is_range":704,"range_type":746,"version_start":714,"version_start_type":706,"version_end":727,"version_end_type":728,"fixed_in":9},"gte9_0_0_M1_lt9_0_106",{"version":752,"is_range":704,"range_type":746,"version_start":718,"version_start_type":706,"version_end":719,"version_end_type":706,"fixed_in":9},"gte8_5_0_lte8_5_100",{"ecosystem":738,"name":754,"vendor":755,"product":756,"cpe_part":9,"purl_type":742,"purl_namespace":755,"purl_name":756,"source":9,"versions":757},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[758,759,760,761],{"version":745,"is_range":704,"range_type":746,"version_start":705,"version_start_type":706,"version_end":736,"version_end_type":728,"fixed_in":9},{"version":748,"is_range":704,"range_type":746,"version_start":710,"version_start_type":706,"version_end":732,"version_end_type":728,"fixed_in":9},{"version":750,"is_range":704,"range_type":746,"version_start":714,"version_start_type":706,"version_end":727,"version_end_type":728,"fixed_in":9},{"version":752,"is_range":704,"range_type":746,"version_start":718,"version_start_type":706,"version_end":719,"version_end_type":706,"fixed_in":9}]